CWE-502 · Deserialization of Untrusted Data
2865 CVEs classified under CWE-502 (Deserialization of Untrusted Data). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-41104 | Critical | 10.0 | 2026-05-22 | Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacker to disclose information over a network. |
| CVE-2026-43633 | Critical | 10.0 | 2026-05-19 | HestiaCP versions 1.9.0 through 1.9.4 contain a deserialization vulnerability in the web terminal component caused by a session format mismatch between PHP and… |
| CVE-2026-45829 | Critical | 10.0 | 2026-05-18 | A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary… |
| CVE-2026-33819 | Critical | 10.0 | 2026-04-23 | Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network. |
| CVE-2026-20131 | Critical | 10.0 | 2026-03-04 | A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker… |
| CVE-2026-25632 | Critical | 10.0 | 2026-02-06 | EPyT-Flow is a Python package designed for the easy generation of hydraulic and water quality scenario data of water distribution networks. Prior to 0.16.1, EP… |
| CVE-2025-14931 | Critical | 10.0 | 2025-12-23 | Hugging Face smolagents Remote Python Executor Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attacker… |
| CVE-2025-55182 | Critical | 10.0 | 2025-12-03 | A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following… |
| CVE-2025-58384 | Critical | 10.0 | 2025-09-26 | In DOXENSE WATCHDOC before 6.1.1.5332, Deserialization of Untrusted Data can lead to remote code execution through the .NET Remoting library in the Watchdoc ad… |
| CVE-2025-10035 | Critical | 10.0 | 2025-09-18 | A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to deseriali… |
| CVE-2025-42944 | Critical | 10.0 | 2025-09-09 | Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious… |
| CVE-2025-48200 | Critical | 10.0 | 2025-05-21 | The sr_feuser_register extension through 12.4.8 for TYPO3 allows Remote Code Execution. |
| CVE-2025-30012 | Critical | 10.0 | 2025-05-13 | The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component, which allows an unauthenticated attacker to sen… |
| CVE-2025-32444 | Critical | 10.0 | 2025-04-30 | vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.6.5 and prior to 0.8.5, having vLLM integration… |
| CVE-2024-44102 | Critical | 10.0 | 2024-11-12 | A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) (All versions < V3.1.2.1 with redundancy configured)… |
| CVE-2024-5932 | Critical | 10.0 | 2024-08-20 | The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 v… |
| CVE-2024-37099 | Critical | 10.0 | 2024-08-19 | Deserialization of Untrusted Data vulnerability in Liquid Web GiveWP allows Object Injection. This issue affects GiveWP: from n/a through 3.14.1. |
| CVE-2024-5675 | Critical | 10.0 | 2024-06-06 | Untrusted data deserialization vulnerability has been found in Mentor - Employee Portal, affecting version 3.83.35. This vulnerability could allow an attacker… |
| CVE-2024-30225 | Critical | 10.0 | 2024-03-28 | Deserialization of Untrusted Data vulnerability in WPENGINE, INC. WP Migrate. This issue affects WP Migrate: from n/a through 2.6.10. |
| CVE-2024-30224 | Critical | 10.0 | 2024-03-28 | Deserialization of Untrusted Data vulnerability in Wholesale Team WholesaleX. This issue affects WholesaleX: from n/a through 1.3.2. |